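# Package expression for tpm2-tss, the TCG TPM2 Software Stack (TSS2).
#
# Takes its build, runtime and test dependencies as function arguments and
# returns a stdenv.mkDerivation with three outputs ("out", "man", "dev").
# The source is patched so that TCTI modules and libtpms are opened from fixed
# paths instead of being resolved through the dynamic loader search path, and
# the upstream test suite runs in installCheckPhase rather than checkPhase.
{
  stdenv,
  lib,
  fetchFromGitHub,
  autoreconfHook,
  autoconf-archive,
  pkg-config,
  doxygen,
  perl,
  openssl,
  json_c,
  curl,
  libgcrypt,
  cmocka,
  uthash,
  swtpm,
  iproute2,
  procps,
  which,
  libuuid,
  libtpms,
}:
let
  # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
  # tpm2-tss tests depend on procps, procps depends on systemd by default). This
  # needs to be conditional based on isLinux because procps for other systems
  # might not support the withSystemd option.
  procpsWithoutSystemd = procps.override { withSystemd = false; };
  procps_pkg = if stdenv.hostPlatform.isLinux then procpsWithoutSystemd else procps;
in

stdenv.mkDerivation rec {
  pname = "tpm2-tss";
  version = "4.1.3";

  # `rev` is the upstream tag name, which is a mutable reference. The content
  # hash below is what pins the source: if the tag were moved upstream, the
  # fetch would fail on a hash mismatch instead of building different code.
  # Update `version` and `hash` together.
  src = fetchFromGitHub {
    owner = "tpm2-software";
    repo = pname;
    rev = version;
    hash = "sha256-BP28utEUI9g1VNv3lCXuiKrDtEImFQxxZfIjLiE3Wr8=";
  };

  outputs = [
    "out"
    "man"
    "dev"
  ];

  nativeBuildInputs = [
    autoreconfHook
    autoconf-archive
    pkg-config
    doxygen
    perl
  ];

  buildInputs = [
    openssl
    json_c
    curl
    libgcrypt
    uthash
    libuuid
    libtpms
  ]
  # cmocka is checked in the configure script
  # when unit and/or integration testing is enabled
  # cmocka doesn't build with pkgsStatic, and we don't need it anyway
  # when tests are not run
  ++ lib.optional doInstallCheck cmocka;

  # Tools needed only while the test suite runs; the list is empty when
  # doInstallCheck is false. procps_pkg is the systemd-free procps on Linux
  # (see the let binding above).
  # NOTE(review): swtpm is presumably the TPM simulator the integration tests
  # talk to - confirm against the upstream test scripts.
  nativeInstallCheckInputs = lib.optionals doInstallCheck [
    cmocka
    which
    openssl
    procps_pkg
    iproute2
    swtpm
  ];

  strictDeps = true;
  preAutoreconf = "./bootstrap";

  enableParallelBuilding = true;

  patches = [
    # Do not rely on dynamic loader path
    # TCTI loader relies on dlopen(), this patch prefixes all calls with the output directory.
    # The patch leaves an '@PREFIX@' placeholder that postPatch replaces with
    # $out/lib/.
    # NOTE(review): the patch body is not visible here; presumably every
    # dlopen() of a TCTI module then uses a path under $out/lib, so module
    # lookup no longer depends on LD_LIBRARY_PATH or the default search path -
    # confirm when the patch is rebased on a new upstream release.
    ./no-dynamic-loader-path.patch

    # Configure script expects tools from shadow (e.g. useradd) but they are
    # actually optional (and we can’t use them in Nix sandbox anyway). Make the
    # check in configure.ac a warning instead of an error so that we can run
    # configure phase on platforms that don’t have shadow package (e.g. macOS).
    # Note that *on platforms* does not mean *for platform* i.e. this is for
    # cross-compilation, tpm2-tss does not support macOS, see upstream issue:
    # https://github.com/tpm2-software/tpm2-tss/issues/2629
    # See also
    # https://github.com/tpm2-software/tpm2-tss/blob/6c46325b466f35d40c2ed1043bfdfcfb8a367a34/Makefile.am#L880-L898
    ./no-shadow.patch
  ];

  # Source rewrites applied after the patches:
  #  - '@PREFIX@' in the TCTI loader (and its unit test) becomes $out/lib/.
  #  - ./bootstrap prints the packaged version instead of calling
  #    `git describe` (presumably because the fetched tree carries no git
  #    metadata).
  #  - the bare "libtpms.so" / "libtpms.so.0" names in the libtpms TCTI (and
  #    its unit test) become absolute paths into the libtpms output, so that
  #    library is also not looked up through the loader search path.
  # --replace-fail makes the build stop if a pattern no longer matches, so an
  # upstream change cannot silently drop one of these path rewrites.
  postPatch = ''
    patchShebangs script
    substituteInPlace src/tss2-tcti/tctildr-dl.c \
      --replace-fail '@PREFIX@' $out/lib/
    substituteInPlace ./test/unit/tctildr-dl.c \
      --replace-fail '@PREFIX@' $out/lib/
    substituteInPlace ./bootstrap \
      --replace-fail 'git describe --tags --always --dirty' 'echo "${version}"'
    for src in src/tss2-tcti/tcti-libtpms.c test/unit/tcti-libtpms.c; do
      substituteInPlace "$src" \
        --replace-fail '"libtpms.so"' '"${libtpms.out}/lib/libtpms.so"' \
        --replace-fail '"libtpms.so.0"' '"${libtpms.out}/lib/libtpms.so.0"'
    done
  ''
  # tcti tests rely on mocking function calls, which appears not to be supported
  # on clang
  + lib.optionalString stdenv.cc.isClang ''
    sed -i '/TESTS_UNIT / {
      /test\/unit\/tcti-swtpm/d;
      /test\/unit\/tcti-mssim/d;
      /test\/unit\/tcti-device/d
    }' Makefile-test.am
  '';

  # The unit and integration suites are configured only when they will
  # actually run (doInstallCheck). The Darwin list disables components whose
  # required headers or syscalls are missing there.
  configureFlags =
    lib.optionals doInstallCheck [
      "--enable-unit"
      "--enable-integration"
    ]
    ++ lib.optionals stdenv.hostPlatform.isDarwin [
      # sys/prctl.h required
      "--disable-tcti-cmd"
      # uchar.h required
      "--disable-fapi"
      "--disable-policy"
      # uses fallocate
      "--disable-tcti-libtpms"
    ];

  # NOTE(review): with the upstream udev rules removed, this package ships no
  # rules for the TPM device nodes; ownership and mode of those nodes are then
  # whatever the host configuration sets up - confirm that consumers provide
  # their own rules.
  postInstall = ''
    # Do not install the upstream udev rules, they rely on specific
    # users/groups which aren't guaranteed to exist on the system.
    rm -R $out/lib/udev
  '';

  doCheck = false;
  doInstallCheck =
    stdenv.buildPlatform.canExecute stdenv.hostPlatform
    && !stdenv.hostPlatform.isDarwin
    # Tests rely on mocking, which can't work with static libs.
    && !stdenv.hostPlatform.isStatic;
  # Since we rewrote the load path in the dynamic loader for the TCTI, the
  # various TCTI implementations have to be placed in their target directory
  # before the tests can run, so we turn checkPhase into installCheckPhase.
  installCheckTarget = "check";

  # Attributes are referenced through `lib.` explicitly instead of
  # `meta = with lib;`, so that `platforms` and `maintainers` inside this set
  # cannot be confused with names brought into scope by `with`.
  meta = {
    description = "OSS implementation of the TCG TPM2 Software Stack (TSS2)";
    homepage = "https://github.com/tpm2-software/tpm2-tss";
    license = lib.licenses.bsd2;
    platforms = lib.platforms.unix;
    maintainers = with lib.maintainers; [ baloo ];
  };
}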